--- loncom/interface/lonmenu.pm	2022/06/30 21:04:14	1.524
+++ loncom/interface/lonmenu.pm	2023/04/11 21:54:09	1.531
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines to control the menu
 #
-# $Id: lonmenu.pm,v 1.524 2022/06/30 21:04:14 raeburn Exp $
+# $Id: lonmenu.pm,v 1.531 2023/04/11 21:54:09 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -935,16 +935,22 @@ sub innerregister {
                 if ($env{'form.title'}) {
                     $title = $env{'form.title'};
                 }
-                my $trail;
+                my ($trail,$cnum,$cdom);
+                if ($env{'form.folderpath'}) {
+                    $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+                    $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+                    &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom);
+                }
                 if ($env{'form.folderpath'}) {
                     &prepare_functions($resurl,$forcereg,$group,undef,undef,1,$hostname);
+                    $title = &HTML::Entities::encode($title,'\'"<>&');
                     ($trail) =
                         &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1);
                 } else {
                     &Apache::lonhtmlcommon::add_breadcrumb(
                     {text  => "Supplemental $crstype Content",
                      href  => "javascript:gopost('/adm/supplemental','')"});
-                    $title = &mt('View Resource');
+                    $title = &HTML::Entities::encode(&mt('View Resource'),'\'"<>&');
                     ($trail) = 
                         &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1);
                 }
@@ -956,7 +962,7 @@ sub innerregister {
                 &Apache::lonhtmlcommon::clear_breadcrumbs();
                 &prepare_functions('/public'.$courseurl."/syllabus",
                                    $forcereg,$group,undef,undef,1,$hostname);
-                $title = &mt('Syllabus File');
+                $title = &HTML::Entities::encode(&mt('Syllabus File'),'\'"<>&');
                 my ($trail) =
                     &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1);
                 if (ref($showncrumbsref)) {
@@ -1056,6 +1062,71 @@ sub innerregister {
                     'Folder/Page Content');
         }
 # End modifiable folder/page container check
+
+#
+# Determine whether to show View As button for shortcut to display problem, answer, and submissions
+#
+
+        if (($env{'request.symb'} ne '') &&
+            ($env{'request.filename'}=~/$LONCAPA::assess_re/) &&
+            (($perms{'mgr'}) || ($perms{'vgr'}))) {
+            my ($viewas,$text,$change,$visibility,$vuname,$vudom,$vid,$leftvis,$defdom,$righticon);
+            my %lt = &Apache::lonlocal::texthash(
+                                                 view => 'View',
+                                                 upda => 'Update',
+            );
+            if ($env{'request.user_in_effect'} =~ /^($match_username):($match_domain)$/) {
+                ($vuname,$vudom) = ($1,$2);
+                unless (&Apache::lonnet::is_advanced_user($vudom,$vuname)) {
+                    $vid = (&Apache::lonnet::idrget($vudom,$vuname))[1];
+                }
+                $viewas = $env{'request.user_in_effect'};
+                $text = $lt{'upda'};
+                $change = 'off';
+                $visibility = 'inline';
+                $leftvis = 'none';
+                $defdom = $vudom;
+                $righticon = '&#10006;';
+            } else {
+                $text = $lt{'view'};
+                $change = 'on';
+                $visibility = 'none';
+                $leftvis = 'inline';
+                $defdom = $cdom;
+            }
+            my $sellink = &Apache::loncommon::selectstudent_link('userview','vuname','vudom');
+            my $selscript=&Apache::loncommon::studentbrowser_javascript();
+            my $shownsymb = &HTML::Entities::encode(&Apache::lonenc::check_encrypt($env{'request.symb'}),'<>&"');
+            my $input = &mt('User: [_1] or ID: [_2] at: [_3]',
+                            '<input name="vuname" type="text" size="8" value="'.$vuname.'" />',
+                            '<input name="vid" type="text" size="8" value="'.$vid.'" />',
+                            &Apache::loncommon::select_dom_form($defdom,'vudom')).
+                            '<input name="LC_viewas" type="hidden" value="'.$viewas.'" />',
+                            '<input name="symb" type="hidden" value="'.$shownsymb.'" />';
+            my $chooser = <<END;
+$selscript
+<a href="javascript:toggleViewAsUser('$change');" class="LC_menubuttons_link">
+<span id="usexpand" class="LC_menubuttons_inline_text" style="display:$leftvis">&#9658;&nbsp;</span>
+</a>
+<fieldset id="LC_selectuser" style="display:$visibility">
+<form name="userview" action="" method="post" onsubmit="event.preventDefault(); return validCourseUser(this,'$change');">
+<span class="LC_menubuttons_inline_text LC_nobreak">
+$input
+$sellink
+</span>
+&nbsp;<input type="submit" value="$text" />
+</form>
+</fieldset>
+<a href="javascript:toggleViewAsUser('$change');" class="LC_menubuttons_link">
+<span id="uscollapse" class="LC_menubuttons_inline_text">$righticon</span>
+</a>
+END
+            &switch('','',7,5,'viewuser.png','View As','user[_1]',
+                    'toggleViewAsUser('."'$change'".')',
+                    'View As','','',$chooser);
+        }
+# End view as user check
+
     }
 # End course context
 
@@ -1371,8 +1442,12 @@ sub get_editbutton {
         if ($env{'form.folderpath'}) {
             $suppanchor = $env{'form.anchor'};
         }
+        my $shownsymb;
+        if ($env{'request.symb'}) {
+            $shownsymb = &Apache::lonenc::check_encrypt($env{'request.symb'});
+        }
         $jscall = &Apache::lonhtmlcommon::jump_to_editres($cfile,$home,$switchserver,
-                                                $forceedit,$forcereg,$env{'request.symb'},
+                                                $forceedit,$forcereg,$env{'request.symb'},$shownsymb,
                                                 &escape($env{'form.folderpath'}),
                                                 &escape($env{'form.title'}),$hostname,
                                                 $env{'form.idx'},&escape($env{'form.suppurl'}),
@@ -1631,7 +1706,7 @@ sub advtools_crumbs {
                 'advtools', @funcs[61,73,74,71,72]);
         } else {
             &Apache::lonhtmlcommon::add_breadcrumb_tool(
-                'advtools', @funcs[61,71,72,73,74,92]);
+                'advtools', @funcs[61,71,72,73,74,75,92]);
         }
     } elsif ($env{'request.noversionuri'} eq '/adm/viewclasslist') {
         &Apache::lonhtmlcommon::add_breadcrumb_tool(
@@ -1653,7 +1728,7 @@ sub clear {
 # The javascript is usually similar to "go('/adm/roles')" or "cstrgo(..)".
 
 sub switch {
-    my ($uname,$udom,$row,$col,$img,$top,$bot,$act,$desc,$cat,$nobreak)=@_;
+    my ($uname,$udom,$row,$col,$img,$top,$bot,$act,$desc,$cat,$nobreak,$form)=@_;
     $act=~s/\$uname/$uname/g;
     $act=~s/\$udom/$udom/g;
     $top=&mt($top);
@@ -1704,7 +1779,7 @@ sub switch {
         } else {
             $inlineremote[$idx] =
        '<a title="'.$desc.'" class="LC_menubuttons_link" href="javascript:'.$act.';">'.$pic.
-       '<span class="LC_menubuttons_inline_text">'.$top.'&nbsp;</span></a>';
+       '<span class="LC_menubuttons_inline_text">'.$top.'&nbsp;</span></a>'.$form;
         }
     }
     return '';
@@ -2245,6 +2320,79 @@ END
     }
 }
 
+sub view_as_js {
+    my ($url,$symb) = @_;
+    my %lt = &Apache::lonlocal::texthash(
+                ente => 'Enter a username or a student/employee ID',
+                info => 'Information you entered does not match a valid course user',
+    );
+    &js_escape(\%lt);
+    return <<"END";
+
+function toggleViewAsUser(change) {
+    var seluserid = document.getElementById('LC_selectuser');
+    var currstyle = seluserid.style.display;
+    if (change == 'off') {
+        document.userview.elements['LC_viewas'].value = '';
+        document.userview.elements['vuname'].value = '';
+        document.userview.elements['vid'].value = '';
+        document.userview.submit();
+        return;
+    }
+    if (currstyle == 'inline') {
+        seluserid.style.display = 'none';
+        document.getElementById('usexpand').innerHTML='&#9658;&nbsp;';
+        document.getElementById('uscollapse').innerHTML='';
+    } else {
+        seluserid.style.display = 'inline';
+        document.getElementById('usexpand').innerHTML='';
+        document.getElementById('uscollapse').innerHTML='&#9668;&nbsp;';
+    }
+    return;
+}
+
+function validCourseUser(form,change) {
+    var possuname = form.elements['vuname'].value;
+    var possuid = form.elements['vid'].value;
+    var possudom = form.elements['vudom'].options[form.elements['vudom'].selectedIndex].value;
+    if ((possuname == '') && (possuid == '')) {
+        if (change == 'off') {
+            form.elements['LC_viewas'].value = '';
+            form.submit();
+        } else {
+            alert("$lt{'ente'}");
+        }
+        return;
+    }
+    var http = new XMLHttpRequest();
+    var url = "/adm/courseuser";
+    var params = "uname="+possuname+"&uid="+possuid+"&udom="+possudom;
+    http.open("POST", url, true);
+    http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+    http.onreadystatechange = function() {
+        if (http.readyState == 4 && http.status == 200) {
+            var data = JSON.parse(http.responseText);
+            if (Array.isArray(data.match)) {
+               var len = data.match.length;
+               if (len == 2) {
+                   if (data.match[0] != '' && data.match[1] != '') {
+                       form.elements['LC_viewas'].value = data.match[0]+':'+data.match[1];
+                       form.submit(); 
+                   }
+               } else {
+                   alert("$lt{'info'}");
+               }
+            }
+        }
+        return;
+    }
+    http.send(params);
+    return false;
+}
+
+END
+}
+
 sub utilityfunctions {
     my ($httphost) = @_;
     my $currenturl=&Apache::lonnet::clutter(&Apache::lonnet::fixversion((split(/\?/,$env{'request.noversionuri'}))[0]));
@@ -2286,6 +2434,24 @@ sub utilityfunctions {
 
     my $countdown = &countdown_toggle_js();
 
+    my $viewuser;
+    if (($env{'request.course.id'}) &&
+        ($env{'request.symb'} ne '') &&
+        ($env{'request.filename'}=~/$LONCAPA::assess_re/)) {
+        my $canview;
+        foreach my $priv ('msg','vgr') {
+            $canview = &Apache::lonnet::allowed($priv,$env{'request.course.id'});
+            if (!$canview && $env{'request.course.sec'} ne '') {
+                $canview =
+                    &Apache::lonnet::allowed($priv,"$env{'request.course.id'}/$env{'request.course.sec'}");
+            }
+            last if ($canview);
+        }
+        if ($canview) {
+            $viewuser = &view_as_js($esc_url,$esc_symb);
+        }
+    }
+
     my ($ltitarget,$deeplinktarget);
     if ($env{'request.lti.login'}) {
         $ltitarget = $env{'request.lti.target'};
@@ -2502,6 +2668,8 @@ function open_aboutLC() {
 
 $countdown
 
+$viewuser
+
 ENDUTILITY
 }
 
@@ -3200,7 +3368,7 @@ sub placement_progress {
 }
 
 sub linkprot_exit {
-    if (($env{'request.ciurse.id'}) && ($env{'request.deeplink.login'})) {
+    if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) {
         my ($deeplink_symb,$deeplink);
         my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
         my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
@@ -3226,10 +3394,17 @@ sub linkprot_exit {
                         exit     => 'Cancel',
                     );
                     if ($exit) {
-                        my $height = 250;
-                        my $width = 300;
-                        my $exitbuttontext = &mt('Exit Tool');
-                        return <<END;
+                        my ($show,$text) = split(/:/,$exit);
+                        unless ($show eq 'no') { 
+                            my $height = 250;
+                            my $width = 300;
+                            my $exitbuttontext;
+                            if ($text eq '') { 
+                                $exitbuttontext = &mt('Exit Tool');
+                            } else {
+                                $exitbuttontext = $text;
+                            }
+                            return <<END;
 <form method="post" name="LCexitButton" action="/adm/linkexit">
     <input type="hidden" name="LC_deeplink_exit" value="" />
     <button id="LC_exit-confirm-opener" type="button">$exitbuttontext</button>
@@ -3271,6 +3446,7 @@ sub linkprot_exit {
 </script>
 
 END
+                        }
                     }
                 }
             }
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 root@localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>